d692a227795f142c59b38057e9f69dc2_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

d692a227795f142c59b38057e9f69dc2_JaffaCakes118
Size

175KB
MD5

d692a227795f142c59b38057e9f69dc2
SHA1

e6e8f2af5d77b584eb834c3e4bc22292ebb14786
SHA256

420e677265f57410af92eef01abcf515bf82d586a0d9b2eabdceafb5ec863ddb
SHA512

f2e97388157aad9ada5b12062181516128698a2bd32912a0c39cfd286eb491682a83d86992f89dff2670b01dde2054a364b116e64d1dece5871b3cffe316f8a3
SSDEEP

3072:oMZheUGUfDGjZIHb3j00NbTgScdWh1Vs7IAn8+PzmclZUyimp6JHlRAOJViH9e:ohUGUf7w/dW/s7Ic/kyi+6JHlRAfd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
d692a227795f142c59b38057e9f69dc2_JaffaCakes118

Files

d692a227795f142c59b38057e9f69dc2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

a97edff17eb5e50a8c64faf37afb2f77

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumResourceNamesA
LoadResource
GetLastError
GetModuleHandleA
GlobalAddAtomW
GlobalFree
LocalFree
SetLastError
InterlockedExchange
HeapAlloc
CloseHandle
MultiByteToWideChar
EnumResourceNamesA
FormatMessageA
FindFirstFileA
GetCommandLineA
HeapFree
FindResourceExA
GetProcAddress
LockResource
LoadLibraryW
GetCurrencyFormatA
FindNextFileW
GetCurrentDirectoryA
RaiseException
EnumResourceTypesA
SizeofResource
FindFirstFileW
EnumResourceLanguagesA
GetProcessHeap
Sleep

setupapi

CM_Get_Depth
CMP_WaitNoPendingInstallEvents
SetupDiGetDeviceRegistryPropertyA
CM_Get_DevNode_Status

user32

CharNextA
DispatchMessageA
EnumWindows
GetWindowThreadProcessId
MessageBoxA
GetMessageW
IsWindowVisible
LoadStringA
SetTimer
KillTimer
GetWindowTextA
CharUpperW
PeekMessageW
PostThreadMessageW
wsprintfW
wsprintfA

Sections

.text
Size: 95KB - Virtual size: 486KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ